Compliance Framework – Secretarial Audit Compliance Management and Due Diligence Important Questions
Write Short Note on: “Risk of non-compliance”.
Following are risks of non-compliance:
- Cessation of Business Activities.
- Civil action by the Authorities.
- Punitive action resulting in fines against the company or officials.
- Imprisonment of the errant officials.
- Public embarrassment.
- Damage to the reputation of the Company and its employees.
- Attachment of Bank Accounts.
Write Short Note on the following: “Compliance Programmes”.
The objective of a compliance programme is to manage the compliance risk effectively and to promote an ethical culture in the organisation, resulting in the maintenance and enhancement of the reputation of the Company.
An effective Compliance Programme helps the business and its stakeholders to learn about the compliance responsibilities individually and for the organisation as a whole, as well as making them a part of business processes.
The compliance programme reviews operations to ensure responsibilities are carried out and requirements are met. It helps the management to take corrective action wherever necessary.
Compliance Programmes serve the following purposes:
- Prevention from violation of law.
- Promotion of Culture of Compliance.
- Encouragement to Good Corporate Citizenship.
Write Short Note on: “Compliance Risk”.
- Compliance risk is the current and prospective risk to earnings or capital arising from violations of or non-conformance with laws, rules, regulations, prescribed practices, internal policies and procedures or ethical standards.
- This risk exposes the institution to fines, civil money penalties, payment of damages and voiding of contracts.
- Compliance risk can lead to diminished reputation, reduced expansion potential and an inability to enforce contracts.
Write short note on: “Compliance Dashboard”.
The Compliance Dashboard helps in simplifying:
- Compliance obligation,
- Effectively managing the compliance risk,
- Facilitating board oversight,
- Effective co-ordination of functional units.
Some of the features of an effective Compliance Dashboard are as follows:
- The Compliance Dashboard should alert the company in the risk prone areas or in case of non-compliances.
- It should display the compliance obligations on the compliance calendar or dashboard.
- Before the date of regulatory mandate an e-mail should be sent to the compliance owner.
- The Compliance owner should send the response once compliance is done.
Compliance Audit is not a fault-finding exercise; rather, it is a device to scale up the compliance mechanism of a company, commensurate with its size and operations.
1. Compliance audits may be planned, performed and reported separately to the Board, Senior management or Regulators. The compliance audit is completely different from the audit of financial statements and from performance audits.
2. The compliance audits may be conducted separately on a regular basis as distinct and clearly defined audits each related to a specific subject matter.
3. As per CAG Auditing Standards, the Compliance audit is the independent assessment of whether a given subject matter is in compliance with applicable authorities identified as criteria. Compliance audits are carried out by assessing whether activities, financial transactions and information comply in all material respects with the authorities who govern the audited entity.
4. Compliance auditing may be concerned with:
- Regulatory – adherence of the subject matter to the formal criteria emanating from relevant laws, regulations and agreements applicable to the entity.
- Propriety – observance of the general principles governing sound financial management and the ethical conduct of public officials.
Distinguish between the following:
‘Apparent’, ‘adequate’ and ‘absolute’ compliance.
Good Corporate Governance demands compliance levels that match the intentions of legislature, expectations of stakeholders and requirements of regulators. However, compliances are generally found to fall in three categories, i.e., Apparent Compliances, Adequate Compliances and Absolute Compliances.
The difference between three compliances is discussed below:
1. Apparent compliance is a disguised form of non-compliance which is worse than non-compliance. The classic example of Apparent Compliance is generating documents such as notice, agenda and minutes on paper for board and general meetings which are not actually held.
2. Adequate compliance is compliance in letter. The aspects specified in law are complied with in letter without getting into the spirit of the law, for example box-ticking practices.
3. Absolute compliances are those which are in line with the spirit and intent of the law. A typical example in this regard is demonstrating shareholders’ democracy as prescribed by law. When a company complies with law in its spirit it gains public confidence as well.
Example: Infosys has set new and effective standards in communicating with shareholders, stock exchanges and general public at large.
Hindustan Zinc Ltd. has issued the tender for developing Compliance Software for the Company. Webscroll Co. Ltd. was the successful bidder giving lowest price bid. As a Compliance Solution Provider, what are the approaches to be adopted by Webscroll Co. Ltd.?
As a Compliance Solution Provider, the following approaches are adopted by Webscroll Co. Ltd., as discussed below:
1. Risk/Cultural Assessment: Through employee surveys, interviews and document reviews, a company’s culture of ethics and compliance at all levels of the organization is validated. The basis of this assessment is to identify gaps between company’s current practices and the regulatory requirements.
2. Program Design/Update: In this approach, the guideline documents that outline the reporting structure, communications methods and other key components of the code of ethics and compliance program are reviewed. This encompasses review of all aspects of the compliance program from grass root policies to structuring board committees that oversee the program.
3. Policies and Procedures: In this approach of compliance assessment, the company should review, develop or enhance the detailed policies of the program including issues of financial reporting, anti-trust, conflicts of interest, gifts and entertainment, records accuracy and retention, employment, the environment, global business, fraud, political activities, securities, and sexual harassment etc.
4. Communication, Training, and Implementation: The Company focuses on the articulation, communication and reinforcement of the various policies and procedures of the company along with the philosophy behind such policies. Further, training programs on such policies help in the adoption of such policies in day-to-day realities and help inculcate and incorporate them into the attitudes and behaviours of the employees of the company.
5. Ongoing self-Assessment, Monitoring, and Reporting: The true test of a company’s ethics and compliance program comes over time.
- How does one know in one year or five years that both the intent and letter of the law are still being observed throughout the organization?
- How does the program and the organization adapt to changing legislation and business conditions?
- As the organization evolves, for example through mergers and acquisitions, will the program remain relevant?
The cultural assessment, mechanisms and processes put in place, including employee surveys, internal controls and monitoring and auditing programs, help organisations to achieve sustained success.
Critically examine and comment: “Corporate Compliance Management can add substantial business value only if compliance is done with due diligence”.
1. Compliance Management can add substantial business value only if compliance is done with due diligence. A company secretary is the ‘Compliance Manager’ of the company. It is he who ensures that the company is in compliance with all regulatory provisions.
2. Corporate disclosures, which play a vital role in enhancing corporate valuation, are the forte of a company secretary. These disclosures can be classified into statutory disclosures, non-statutory disclosures, specific disclosures and continuous disclosures. A company secretary has to ensure that these disclosures are made to shareholders and other stakeholders in true letter and spirit.
3. The advisory services of company secretaries impact all components and activities of the compliance framework, as the business receives one-point specialized support and advice to help manage its compliance risks more effectively. The company secretary plays a proactive advisory role as he advises management, boards and committees, the compliance executor and the employees.
4. In a nutshell, the company secretary is the professional who guides the Board and the company in all matters and renders advice in terms of compliance as well as ensures that the Board procedures are duly followed, best global practices are brought in and the organisation is taken forward towards good corporate citizenship.
Explain the role of Board of Directors in doing their oversight function on the subject of Compliance Management. How Company Secretary of the Company could play a significant role in helping the Board in institutionalizing an adequate and effective Compliance Management System (CMS)?
Role of Board of Directors in doing oversight function on the subject of Compliance Management:
1. The board of directors and management must recognize the scope and implications of applicable laws and regulations.
2. They must establish a compliance management system as a supporting system of risk management system as it reduces compliance risk to a great extent.
3. To ensure an effective approach to compliance, the participation of senior management in the development and maintenance of a compliance program is very important. They should review the effectiveness of the compliance management system at periodic intervals so as to ensure that it remains updated and relevant in terms of modifications/changes in the regulatory regime, including acts, rules, regulations etc., and the business environment.
Role of Company Secretaries in Compliance Management:
1. Compliance Management can add substantial business value only if compliance is done with due diligence. A company secretary is the ‘Compliance Manager’ of the company.
2. These disclosures can be classified into statutory disclosures, non-statutory disclosures, specific disclosures and continuous disclosures. SEBI (Listing Obligations and Disclosure Requirements) Regulations, 2015 spells out elaborately the various aspects of disclosures which are to be made by the company, such as contingent liabilities, related party transactions, proceeds from initial public offerings, remuneration of directors and various details giving the threats, risks and opportunities under management discussion and analysis in the corporate governance report, which is published in the annual accounts duly certified by professionals like company secretaries.
3. A company secretary has to ensure that these disclosures are made to shareholders and other stakeholders in true letter and spirit.
4. The advisory services of company secretaries impact all components and activities of the compliance framework, as the business receives one-point specialized support and advice to help in management of its compliance risks more effectively.
5. The company secretary plays a proactive advisory role as he advises Management, Boards and Committees, the compliance executor and the employees.
6. The company secretary provides advice on compliance risk, responsibilities, obligations, concerns and other compliance issues that are suitable for the business practices and operational constraints of the company.
7. In a nutshell, the company secretary is the professional who guides the Board and the company in all matters, renders advice in terms of compliance and ensures that the Board procedures are duly followed, best global practices are brought in and the organisation is taken forward towards good corporate citizenship.
Critically examine and comment on the following: Corporate laws are core competence areas of a Company Secretary and Corporate Compliance Management broadly requires complete compliance of these laws.
Corporate laws are core competence areas of a Company Secretary and corporate compliance management broadly requires complete compliance of these laws. Some of the important corporate laws are given below in brief:
- Companies Act, 2013 and the Rules and Regulations framed thereunder, MCA-21 requirements and procedures.
- Secretarial Standards / Accounting Standards / Cost Accounting Standards issued by ICSI/ICAI/ICMAI respectively.
- Emblems and Names (Prevention of Improper Use) Act, 1947.
- Foreign Exchange Management Act, 1999 and the various Notifications, Rules and Regulations framed thereunder.
- Foreign Contribution (Regulation) Act, 2010.
- Conservation of Foreign Exchange and Prevention of Smuggling Activities Act, 1974.
- Competition Act, 2002.
- Special Economic Zones Act, 2005.
- Prevention of Money Laundering Act, 2002.
- Micro, Small and Medium Enterprises Development Act, 2006.
- Essential Commodities Act, 1955.
Critically examine and comment on the following:
“Compliance with the requirements of law through a compliance management programme can produce positive results at several levels”.
Critically examine and comment: “Significance of Corporate Compliance Management”.
Compliance with the requirements of law through a compliance management programme can produce positive results at several levels; its significance is as follows:
- Goes the extra mile and lays the foundation for the control environment.
- Likely to avoid stiff personal penalties both monetary and imprisonment.
- Companies that embed positive ethics and an effective compliance management program deep within their culture often enjoy healthy returns through employee and customer loyalty and public respect for their brand, both of which can translate into stronger market capitalization and shareholder returns.
- Safety valve against unintended non-compliances/prosecutions, etc.
- Cost savings by avoiding penalties/fines and minimizing litigation.
- Better brand image and positioning of the company in the market.
- Enhanced credibility/creditworthiness that only a law abiding company can command.
- Goodwill among the shareholders, investors, and stakeholders.
- Recognition as Good Corporate Citizen.
In a nutshell, the benefits of implementing and maintaining an effective compliance program far outweigh its costs. Not only does compliance management protect investors’ wealth but it also helps the business in running successfully with any potential risk being addressed in a timely and accurate manner.
Z Ltd. seeks your opinion on the role of the various levels of management for compliance ownership. Explain the role.
The ownership of the various compliances has to be described function-wise and individual-wise. Clear description of primary and secondary ownership is also very important.
While the primary owner is mainly responsible for the compliance, the secondary owner (usually the supervisor of the primary owner) has to supervise the compliance. The role of the various levels of management for compliance ownership can be illustrated as under:
(a) Top Management:
- Understanding the compliance obligations and recent changes.
- Approval of Policy and Procedures.
- Motivating employees to ensure compliance on time.
(b) Legal Cell:
- Identification of new and changed relevant local laws, regulations and standards.
- Communication in Writing to compliance owner/executor.
- Review of systems, policies and Procedures.
- Resolution of Doubts and Clarity in Directions.
- Periodical Review and Assessment.
(c) Senior Management & functional Heads:
- Analysis and research on the Regulatory changes.
- Formation of Policy and procedure.
- Motivating Compliance officer to ensure timely compliance.
- Guiding compliance officer in executing compliance.
- Tracking the Compliance chart.
- Risk Escalation.
- Conflict Resolution.
(d) Compliance Officer/Subordinate staff:
- Performing Compliance Obligations.
- Updating Compliance obligations into the Compliance Chart.
- Risk Identification and intimation.
- Conflict intimation.
“Good Corporate Governance demands compliances level that match the intentions of Legislature, expectations of Stakeholders and requirements of Regulators”. Explain.
Good Corporate Governance demands a compliance level that matches the intentions of legislature, expectations of stakeholders and requirements of regulators. Compliances, however, are generally found to fall in three categories, i.e. Apparent Compliances, Adequate Compliances and Absolute Compliances.
Apparent compliance is a disguised form of non-compliance, which is worse than non-compliance. The classic example of Apparent Compliance is generating documents such as notice, agenda and minutes on paper for board and general meetings which are not actually held.
Adequate compliance is compliance in letter. The aspects specified in law are complied with in letter, without getting into the spirit of the law, e.g. box-ticking practices. Absolute compliances are those which are in line with the spirit and intent of the law. A typical example in this regard is demonstrating shareholder democracy as prescribed by law.
When a company complies with law in spirit it gains public confidence as well. Experts view the annual report as a self-appraisal report of the company. The shift from shareholder concept to stakeholder concept has necessitated corporates to provide a transparent report which is viewed by all stakeholders such as shareholders, creditors, lenders, strategic investors etc. as a potential source of information. In order to attain corporate sustainability and to ensure a level playing field with the international market, corporates have to necessarily increase their level of compliance from apparent to adequate, leading to the level of absolute compliance.
You have been appointed as Company Secretary of XYZ Ltd., a listed company, having diversified business and multi-operational branch offices. On joining your office, you observed that under the prevailing scenario a comprehensive compliance management system is necessary. Prepare a checklist that should be considered by you about the desired system. What would be your responsibility as Company Secretary of the Company in due compliance of the desired system?
The compliance system and processes in a company are dependent mainly on the following factors:
- Nature of business(es).
- Geographical domain of its area of operation(s).
- Size of the company both in terms of operations as well as investments, technology, multiplicity of business activities and manpower employed.
- Jurisdictions in which it operates.
- Whether the company is a listed company or not.
- Regulatory authority(ies) in respect of its business operations.
- Nature of the company viz., private, public, government company, etc.
A Company Secretary is the ‘Compliance Manager’ of the company. It is he who ensures that the company is in total compliance with all regulatory provisions. Corporate Disclosures, which play a vital role in enhancing corporate valuation, are the forte of a Company Secretary. These disclosures can be classified into statutory disclosures, non-statutory disclosures, specific disclosures and continuous disclosures.
The company secretary is the professional who guides the board and the company in all matters, renders advice in terms of compliance and ensures that the board procedures are duly followed, best global practices are brought in and the organisation is taken forward towards good corporate citizenship.
The function of Company Secretary includes:
- to report to the Board about compliance with the provisions of this Act, the rules made thereunder and other laws applicable to the company;
- to ensure that the company complies with the applicable secretarial standards;
- to provide to the directors of the company, collectively and individually, such guidance as they may require, with regard to their duties, responsibilities and powers;
- to facilitate the convening of meetings and attend Board, committee and general meetings and maintain the minutes of these meetings;
- to obtain approvals from the Board, general meeting, the government and such other authorities as required under the provisions of the Act.
Write short note on: “Content of Compliance Chart”.
The Compliance Chart of any company must contain the complete information on the compliance dashboard, which provides a detailed compliance procedure to the compliance executor. This information includes:
- Reference to the key compliance related laws, regulations, industry standards and compliance-related policies and standards of the company;
- Concise statements that capture the relevant internal and external compliance obligations and the risks arising from those obligations;
- Inherent and managed risk level (critical, high, medium, low) of the identified obligations;
- The business processes or people to which the compliance obligations are linked or on which they have an impact;
- Specific compliance risk mitigation activities, compliance risk tracking and monitoring for managing the compliance obligations;
- To whom and how frequently compliance-related results and findings are reported; and
- Clear ownership of the processes, activities and obligations outlined in the chart.
Discuss briefly the process for setting-up of Compliance Framework?
The processes for Setting-up of Compliance Framework are as follows:
Stage 1 – Identification of Compliance Obligations: Applicability of the various Acts, Rules, Regulations, Policies and Procedures covering Industry Specific, Sector Specific, Specific Activity, Specific Entity, Specific State Law, Local Laws.
Stage 2 – Preparation of Compliance Chart: Setting-up role and responsibilities of Senior Management, Legal Department and Compliance executor.
Stage 3 – Assessment of Historical Compliance Status: Assessment of File Report/Return Statements/Internal Auditor/Independent agency Regulator.
Stage 4 – Assessment of Compliance Risk: Identification of possible situations of non-compliance and development of strategy for Risk Mitigation / Risk Monitoring / Risk Reporting.
Stage 5 – Compliance/Action Reporting: Report of Internal Auditor/Independent agency/regulator with the possible consequence such as disqualification/suspension/lock out/license cancellation.
Write Short Note On: “Compliance Task Management”.
The company must create a plan to manage and report the status of all compliance-related activities from a centralized database.
Automated updates from the various compliance modules should provide for up-to-date status reporting that could be viewed by the Board of Directors, Compliance Officer, Entity Compliance Coordinators, Quality Offices and others as designated.
An organization needs to perform activities relating to compliance identification, compliance ownership, compliance awareness, compliance reporting and periodical compliance MIS for creating a compliance management framework.